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DETAILED ACTION 

Claims 1-2,4-7,10,14-26,28-31,34,38-53, and 55 have been considered. 



Specification 

5 The Specification is objected to based on claims 5-7 and 29-31. Appropriate correction to the 

Specification or cancellation of the claims is required. 



Claim Rejections - 35 (JSC §112 

The following is a quotation of the first paragraph of 35 U.S.C. 112: 

1 0 The specification shall contain a written description of the invention, and of the manner and process of 

making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

15 

Claims 5-7 and 29-31 are rejected under 35 U.S.C. 112, first paragraph, as failing to comply with 
the enablement requirement. The claim(s) contains subject matter which was not described in the 
specification in such a way as to enable one skilled in the art to which it pertains, or with which it is most 
nearly connected, to make and/or use the invention. 

20 There is no support for how the limitations function or how the limitations are utilized by the 

system. The claims are listed in the specification merely in passing (Page 3, line 29 to page 4, line 2 and 
page 7, line 30 to page 8, line 2). One of ordinary skill in the art would not be enabled to make or use the 
invention based on the Specification. The examiner does not understand how or why the application 
program interface is modified and how such a modification is combined into the system to be cohesive 

25 with the claimed invention. 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 
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Claims 1-2,4-7,10,14-26,28-31,34,38-53, and 55 are rejected under 35 U.S.C. 112, second 
paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. Part e recites a limitation "to prevent detection". However, the 
limitation is vague and indefinite for failing to point out what type of detection is prevented. The claim 
5 could refer to at least the following: (1) "preventing detection" of the parameters of the files in the virtual 
opened share mode, (2) "preventing detection" of the fact that the computer has a virtual opened share 
mode, or (3) "preventing detection" of information within the particular files running in the virtual opened 
share mode. Appropriate correction is required. 

1 0 Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 

rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
15 ^ the prior art are such that the subject matter as a whole would have been obvious at the time the 

invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

20 Claims 1-2,4-7,10,14-18,20,24-26,28-31,34.38-42,44,50, and 53 are rejected under 35 U.S.C. 

103(a) as being unpatentable over Muttik, U.S. Patent No. 6,775,780, in view of Bowlin, U.S. Patent 
Application Publication No. 2002/0099944, in further view of Hutchison, U.S. Patent No. 6,457,022. 

As per claims 1,24, and 50, the applicant describes a method for protecting a computer in an 
25 opened share mode comprising the following limitations which are met by Muttik in view of Bowlin in 
further view of Hutchison: 

a) running a computer on a network in an opened share mode, wherein the opened share mode 
indicates a file structure parameter and a name parameter and applies only to a manually selected list of 
at least one of application programs and data (Muttik: Col 3, lines 30-42; Fig 1; Bowlin: [0038]; Fig 6); 
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b) monitoring attempts to access the computer by applications utilizing the network, using the file 
structure and name parameter (Muttik: Col 1, lines 66-67; Col 2, lines 1-11; Fig 1; Bowlin: [0026]); 

c) determining whether the applications attempt to modify the computer (Muttik: Col 2, lines 9-11; 

Fig 2); 

5 d) executing a security event in response to any attempt to modify the computer (Muttik: Col 2, 

lines 12-15; Col 2, lines 31-36; Fig 2); 

e) wherein the opened share mode indicates a plurality of parameters that are randomly selected 
(Bowlin: [0038]; Hutchison: Col 8, lines 22-25;); 

f) wherein the computer is run in an actual opened share mode and a virtual opened share mode 
10 such that the at least one of application programs and data is accessible in the actual opened share 

mode, and attempted access to the at least one of application programs and data associated with the 
virtual opened share mode prompts a security process (Bowlin: [0026]). 

Muttik does not disclose the use of a file structure and a name parameter for allowing a user to 
manually select which application programs are in opened share mode. 

15 Bowlin discloses a method for protecting a computer in an opened share mode by allowing a user 

to manually select which application programs are in the opened share mode and which are in a virtual 
opened share mode (safe zone) where the application programs think they can access certain files but 
are actually barred from certain files if the user has not granted them access. The applicant should 
compare Fig 6 of Bowlin with Fig 6 of the applicant for the similarities between the two systems. 

20 Combining the ideas of Bowlin with Muttik would be simple. Instead of funneling every application 

through the virtual opened share mode as in Muttik, applications would be tested against the manually 
selected list of applications in the opened share mode to see which applications are in the opened share 
mode and which are in the virtual opened share mode. 

It would have been obvious to one of ordinary skill in the art at the time the invention was filed to 

25 combine the ideas of Bowlin with those of Muttik because adding the use of selecting files based on file 
structure and name parameters lets a user designate which files he wants to be in the opened share 
mode and which he wants to be in the virtual opened share mode. 
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Regarding part e, Muttik in view of Bowlin disclose a system in which a plurality of parameters, or 
file names, are selected in order to prevent detection of certain information associated with files in the 
safe zone by a user. Muttik in view of Bowlin do not disclose the idea that access permissions for files 
are "randomly" selected. Hutchison discloses a system in which access permissions for files are 
5 arbitrarily or randomly selected. Combining the ideas of Hutchison in view of Muttik in further view of 

Bowlin allows a user to "randomly" or "arbitrarily" set permissions for the files in the system. It would have 
been obvious to one of ordinary skill in the art at the time the invention was filed to combine the ideas of 
Hutchison in view of Muttik and Bowlin because doing so allows random designation of files to a safe 
zone or shared mode in the case where the user does not have any preference of which files are marked 
10 for the safe zone and which are marked for the safe zone. For example, if a user wanted to arbitrarily 

share some files on a computer but he did not have the computing power or resources to accommodate a 
vast number of connections, he could randomly set some of the files for shared mode and leave the rest 
in the safe zone. 

15 As per claims 2 and 26, the applicant discloses the method of claims 1 and 24, which are met by 

Muttik in view of Bowlin in further view of Hutchison, with the following limitation which is also met by 
Muttik and Bowlin: 

Wherein the opened share mode allows other computers on the network to access data stored on 
the computer (Muttik: Col 3, lines 30-42; Bowlin: Abstract); 

20 

As per claims 4 and 28, the applicant discloses the method of claims 3 and 27, which are met by 
Muttik in view of Bowlin in further view of Hutchison, with the following limitation which is also met by 
Muttik: 

Wherein the virtual opened share mode indicates to other computers of an ability to write to the 
25 computer (Muttik: Col 2, lines 2-5; Col 5, lines 10-11); 
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The applications coming from the network are placed in an insulated environment to monitor their 
system calls for malicious behavior (Col 2, lines 2-5). Furthermore, one system call that may be deemed 
malicious behavior is a system call to write an executable file with a particular name (Col 5, lines 10-11). 

5 As per claims 5 and 29, the applicant discloses the method of claims 4 and 28, which are met by 

Muttik in view of Bowlin in further view of Hutchison, with the following limitation which is also met by 
Bowlin: 

Wherein the computer operates in the virtual opened share mode by modifying an application 
program interface (Bowlin: [0035]; [0044]; [0027]); 
10 The computer modifies an application program interface by associating it with a filter to see if the 

requested file is within the safe zone. 

As per claims 6 and 30, the applicant describes the method of claims 5 and 29, which are met by 
Muttik in view of Bowlin in further view of Hutchison, with the following limitation which is met by Bowlin: 
15 Wherein the application program interface includes an operating system application program 

interface (Bowlin: [0035]); 

As per claims 7 and 31 , the applicant describes the method of claims 5 and 29, which are met by 
Muttik in view of Bowlin in further view of Hutchison, with the following limitation which is met by Bowlin: 
20 Wherein the application program interface includes a network application program interface 

(Bowlin: [0035]); 

Bowlin discloses an application program interface which is used to interface with network 
applications. 

25 As per claims 10 and 34, the applicant discloses the method of claims 1 and 24, which are met by 

Muttik in view of Bowlin in further view of Hutchison, with the following limitation which is also met by 
Muttik: . 



5 
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Wherein the opened share mode applies to each of a plurality of networks of which the computer 
is a member (Muttik: Col 3, lines 37-42; Fig 1); 

The applicant should note the network (102 in Fig 1) can include a "combination of networks" (Col 
3, lines 40-41). 



As per claims 14 and 38, the applicant describes the method of claims 1 and 24, which are met 
by Muttik in view of Bowlin in further view of Hutchison, with the. following limitation which is met by 
Bowlin: 

Wherein the computer is run on the network in a plurality of opened share modes (Bowlin: 

10 [0044]); 

A plurality of opened share modes is created because different users have different access levels 
to applications. 

As per claims 15 and 39, the applicant discloses the method of claims 1 and 24 respectively, 
15 which are met by Muttik in view of Bowlin in further view of Hutchison, with the following limitation which is 
also met by Muttik: 

Wherein any attempt to modify the computer is utilized in a heuristic analysis for identifying a 
coordinated attack on multiple computers (Muttik: Col 1, lines 66-67; Col 2, lines 1-11); 

The applicant should note that the emulator records a pattern of system calls and analyzes the 
20 behavior of the application which can be viral in a heuristic analysis type approach. The rules (210 of Fig 
2) can be set to a plurality of preferences, including determination of a coordinated attack. 

As per claims 16 and 40, the applicant discloses the method of claims 1 and 24 respectively, 
which are met by Muttik in view of Bowlin in further view of Hutchison, with the following limitation which is 
25 also met by Muttik: 

Wherein attempts to modify the computer are tracked (Muttik: Col 3, lines 66-67; Col 4, lines 1- 
11; Fig 2); 
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As illustrated in Fig 2 and the lines referenced above, system calls are tracked and then fed into a 
comparator for determination of malicious behavior. 



As per claims 17-18 and 41-42, the applicant discloses the method of claims 1 and 24 
5 respectively, which are met by Muttik in view of Bowlin in further view of Hutchison, with the following 
. limitation which is also met by Muttik: 

Wherein it is determined whether the applications attempt to write to memory in the computer, 
and the security event is executed in response to any attempt to write to memory in the computer (Muttik: 
Col 5, lines 10-11); 

10 As described above, attempting to write a file with a particular name to memory is one example of 

a rule that can be set to determine malicious behavior. If the user desires, any attempt to write to memory 
could be deemed malicious behavior. Regarding claims 18 and 42, this includes any attempt to copy the 
virus to memory. Also, the security event can be alerting the user (Col 2, lines 12-15) or terminating 
analysis of the software thereby not allowing the software or application to be executed in real space (Col 

15 2, lines 31-36). The use of either of these security events or both of these security events depends on 
which embodiment of the primary reference is used. 

As per claims 20 and 44, the applicant discloses the method of claims 1 and 24 respectively, 
which are met by Muttik in view of Bowlin in further view of Hutchison, with the following limitation which is 
20 also met by Muttik: 

Wherein the security event includes terminating the application attempting to modify the computer 
(Muttik: Col 2, lines 31-36); 

As described earlier, terminating the analysis of the software attempting to modify the computer 
based on a decision that the software is malicious means that the software will not be executed in real 
25 time since software coming off the network must pass the emulator test before being executed in real 
time. 
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As per claim 25, the applicant discloses the method of claim 24, which is met by Muttik in view of 
Bowlin in further view of Hutchison, with the following limitation which is also met by Muttik: 
Wherein the network includes the Internet (Muttik: Col 3, lines 19-21). 



5 As per claim 53, the applicant describes the method of claim 1 , which is met by Muttik in view of 

Bowlin in further view of Hutchison, with the following limitation which is met by Bowlin: 
Wherein the file structure includes a tree structure (Bowlin: Fig 6). 

Claims 19,21-23,43,45-47,51, and 52 are rejected under 35 U.S.C. 103(a) as being unpatentable 
10 over Muttik in view of Bowlin in further view of Hutchison in further view of Schnurer, U.S. Patent No. 
5,842,002. 

As per claims 19 and 43, the applicant describes the method of claims 1 and 24, which are met 
by Muttik in view of Bowlin in further view of Hutchison, with the following limitation which is met by 
15 Schnurer: 

Wherein the security event includes logging the computer off the network in response to any 
attempt to modify the computer (Schnurer: Col 8, lines 26-35); 

Muttik in view of Bowlin in further view of Hutchison disclose all the limitations of the independent 
claims. However, Muttik in view of Bowlin fails to go into detail about the actions taken when malicious 

20 code is detected. Schnurer discloses a virus trap system similar to Muttik's and Bowlin's in which certain 
actions are taken when malicious code is detected. One of these actions is "shutting down a network 
segment" (Col 8, line 33). This includes logging a computer off the network. It would have been obvious 
to one of ordinary skill in the art at the time the invention was filed to combine the ideas of Schnurer with 
those of Muttik in view of Bowlin to further protect the computer once an application has been deemed 

25 malicious. 
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As per claims 21 and 45, the applicant describes the method of claims 1 and 24, which are met 
by Muttik in view of Bowlin in further view of Hutchison, with the following limitation which is met by 
Schnurer: 

Wherein the security event includes deleting the application attempting to modify the computer . 
5 (Schnurer: Col 8. lines 26-35); 

As per claims 22 and 46, the applicant describes the method of claims 1 and 24, which are met 
by Muttik in view of Bowlin in further view of Hutchison, with the following limitation which is met by 
Schnurer: 

10 Wherein the security event includes an alert transmitted via the network (Schnurer: Col 8, lines 

26-35); 



As per claims 23 and 47, the applicant describes the method of claims 22 and 46, which are met 
by Muttik in view of Bowlin in further view of Hutchison in further view of Schnurer, with the following 
15 limitation which is met by Schnurer: 

Wherein the security event includes information associated with the application attempting to 
modify the computer (Schnurer: Col 8, lines 26-35); 

As per claims 51 and 52, the applicant describes a method for protecting a computer in an 
20 opened share mode comprising the following limitations which are met by Muttik in view of Bowlin in 
further view of Hutchison in further view of Schnurer: 

a) running a computer on a network in a virtual opened share mode and an actual opened share 
mode, wherein the virtual opened share mode allows other computers on the network to access 
predetermined data and programs resident on the computer, and indicates to other computers of an 
25 ability to write to the computer, and the actual opened share mode indicates a file structure parameter 
and a name parameter that are capable of actually being accessed by the other computers, and applies 
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only to a manually selected list of at least one of application programs and data (Muttik: Col 3. lines 30- 
42; Fig 1; Bowlin: [0038]; Fig 6); 

b) monitoring attempts to access the computer by applications utilizing the network, using, at 
least in part, the file structure and name parameter (Muttik: Col 1, lines 66-67; Col 2, lines 1-11; Fig 1; 

5 Bowlin: [0026]); 

c) determining whether the applications attempt to modify the computer (Muttik: Col 2, lines 9-1 1 ; 

Fig 2); 

d) tracking the attempts of the applications to modify the computer (Muttik: Col 3, lines 66-67; Col 
4, lines 1-11; Fig 2); 

10 e) transmitting an alert via the network in response to any attempt to modify the computer, 

wherein the alert includes information associated with the applications attempting to modify the computer 
(Schnurer: Col 8. lines 26-35); 

f) logging the computer off the network in response to any attempt to modify the computer 
(Schnurer: Col 8, lines 26-35); 

15 g) deleting any application attempting to modify the computer (Schunurer: Col 8, lines 26-35); 

h) wherein any attempt to modify the computer is utilized in a heuristic analysis for identifying a 
coordinated attack on multiple computers (Muttik: Col 1, lines 66-67, Col 2, lines 1-11); 

i) wherein (d)-(h) are carried out if it is determined that the applications attempt to modify the 
computer via the virtual opened share mode; and access is permitted if it is determined that the 

20 applications attempt to modify the computer via the actual opened share mode (Bowlin: [0026]; Schnurer: 
Col 8, lines 26-35); 

j) wherein the parameters are randomly selected to prevent detection (Bowlin: [0038]; Hutchison: 
Col 8, lines 22-25); 

Muttik in view of Bowlin discloses a system which incorporates an actual opened share mode 
25 (through manually selected files based on their file structure and name parameters) and a virtual opened 
share mode where a network application accesses a computer thinking it has the ability to write to a 
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particular file but is actually barred from access to the particular file if the user has not designated it 
having access by manually selected the file for the opened share mode. 

Muttik in view of Bowlin, however, fail to go into detail about the actions taken when malicious 
code is detected. Schnurer discloses a virus trap system similar to Muttik's and Bowlin's in which certain 
5 actions are taken when malicious code is detected. These actions include transmitting an alert, deleting 
an application, and logging a computer off the network (Schnurer: Col 8, lines 26-35). Incorporating the 
ideas of Schnurer into the system of Muttik in view of Bowlin would simply mean that Schnurer's ideas for 
dealing with malicious code are executed when an application attempts to modify a file that it is not 
supposed to (ie, a file which is not on the manually selected opened share list). 

10 It would have been obvious to one of ordinary skill in the art to combine the ideas of Schnurer 

with those of Muttik in view of Bowlin because Schnurer discloses actions that can be taken once 
malicious code has been detected to prevent the malicious code from doing damage to the system. 

Regarding part], Muttik in view of Bowlin in further view of Schnurer disclose a system in which a 
plurality of parameters, or file names, are selected In order to prevent detection of certain information 

15 associated with files in the safe zone by a user. Muttik in view of Bowlin in further view of Schnurer do 
not disclose the idea that access permissions for files are "randomly" selected. Hutchison discloses a 
system in which access permissions for files are arbitrarily or randomly selected. Combining the ideas of 
Hutchison in view of Muttik and Bowlin and Schnurer allows a user to "randomly" or "arbitrarily" set 
permissions for the files in the system. It would have been obvious to one of ordinary skill in the art at the 

20 time the invention was filed to combine the Ideas of Hutchison in view of Muttik and Bowlin and Schnurer 
because doing so allows random designation of files to a safe zone or shared mode In the case where the 
user does not have any preference of which files are marked for the safe zone and which are marked for 
the safe zone. For example, if a user wanted to arbitrarily share some files on a computer but he did not 
have the computing power or resources to accommodate a vast number of connections, he could 

25 randomly set some of the files for shared mode and leave the rest in the safe zone. 
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Claims 48 and 49 are rejected under 35 U.S.C. 103(a) as being unpatentable over Muttik in view 
of Bowlin in further view of Hutchison in futher view of Jordan, U.S. Patent Application Publication No. 
2002/0073323. 

5 As per claims 48 and 49, the applicant limits the computer program product of claim 24, which is 

met by Muttik in view of Bowlin in further view of Hutchison, with the following limitation which is met by 
Jordan: 

Wherein at least a portion of the computer code resides on a gateway (Jordan: [0029] and 

[0030]); 

10 Muttik in view of Bowlin in further view of Hutchison disclose all the limitations of the independent 

claim. However, Muttik in view of Bowlin in further view of Hutchison fail to disclose the use of a gateway. 
Jordan describes a virus protection system in which applications are put in a virtual space before being 
actually run on a computer. 

Jordan also describes having the apparatus and methods of the system be embodied in a 

15 transmission medium [0029]. Jordan further discloses that "the computer virus detection methodologies 
may be performed on a file... before the file is stored/copied/executed/opened on the computer" [0030]. A 
gateway is a transmission medium which connects the user to the network. Regarding claim 49 and in 
accordance with both Muttik and Jordan, if the file is determined to be malicious it would be blocked from 
entering the computer. 

20 It would have been obvious to one of ordinary skill in the art at the time the invention was filed to 

combine the ideas of Jordan with those of Muttik in view of Bowlin in further view of Hutchison and 
implement the use of a gateway to block access to a computer so that files are analyzed and discarded 
before they even have a chance to get to the computer. 

25 Claim 55 is rejected under 35 U.S.C. 103(a) as being unpatentable over Muttik in view of Bowlin 

in further view of Hutchison in further view of Schnurer in further view of Porras, U.S. Patent No. 
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6,704,874, in further view of Conklin, U.S. Patent No. 5,991 ,881 , in further view of Boate, U.S. Patent 
Application Publication No. 2002/0104006. 



As per claim 55, the applicant describes the method of claim 1, which is met by Muttik in view of 
5 Bowlin in further view of Hutchison, with the following limitation which is met by Schnurer, Porras, Conklin, 
and Boate: 

a) wherein the security process includes temporarily logging off the network (Schnurer: Col 8, 
lines 26-35); 

b) recording in a record information on any attempt to modify the computer including time and 
10 source information (Conklin: Claim 11, Col 7, lines 51-61); 

c) logging the computer back on the network in a mode other than the actual opened share mode 
(Boate: [0042]); 

d) transmitting the information to a third party (Porras: Col 2, lines 12-37; Col 8, lines 52-61) 

e) determining whether a trend is found indicative of a coordinated attack (Porras: Col 2, lines 12- 
15 37; Col 8, lines 26-35); 

f) sending an alert and logging a culpable computer off the network based on the. determination 
(Schnurer: Col 8, lines 26-35); 

Muttik in view of Bowlin in further view of Hutchison discloses all the limitations of claim 1. 
However Muttik in view of Bowlin in further view of Hutchison does not disclose the limitations of the 
20 above claim. 

Schnurer discloses how a computer virus trap system deals with malicious code when it finds 
malicious code. Among the features described by Schnurer are sending an alert and logging a culpable 
computer off the network (parts a and f). There is motivation to combine because Muttik in view of Bowlin 
in further view of Hutchison discloses how to catch malicious code and Schnurer simply discloses what to 
25 do with the malicious code when it is caught. It would have been obvious to one of ordinary skill in the art 
at the time the invention was filed to combine the ideas of Schnurer with those of Muttik in view of Bowlin 
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in further view of Hutchison because doing so would allow the system to effectively deal with malicious 
code when it is identified. 

Muttik in view of Bowlin in further view of Hutchison in further view of Schnurer fails to describe 
parts d) and e) in which a third party analyzes information for a trend indicative of a coordinated attack. 
5 Porras discloses this feature in which an alert manager third party analyzes received information to 

determine whether a coordinated attack is taking place. Including the ideas of Porras into the system of 
Muttik in view of Bowlin in further view of Hutchison in further view of Schnurer allows the addition of a 
third party alert manager system which is used to determine whether a coordinated attack is taking place. 
When the determination from the alert manager comes back, then the security features described by 
10 Schnurer such as sending an alert to an administrator and/or logging a culpable computer off the network 
would take place. It would have been obvious to one of ordinary skill in the art at the time the invention 
was filed to combine the ideas of Porras with those of Muttik in view of Bowlin in further view of Hutchison 
in further view of Schnurer because having a third party test for a coordinated attack provides enhanced 
security. 

15 Muttik in view of Bowlin in further view of Hutchison in further view of Schnurer in further view of 

Porras does not disclose part b, or recording in a record information on any attempt to modify the 
computer including time and source information. This is disclosed by Conklin. It would have been 
obvious to one of ordinary skill in the art at the time the invention was filed to combine the ideas of 
Conklin with those of Muttik in view of Bowlin in further view of Hutchison in further view of Schnurer in 

20 further view of Porras because recording time and source information is useful in combating an intrusion. 

Muttik in view of Bowlin in further view of Hutchison in further view of Schnurer in further view of 
Porras in further view of Conklin does not disclose part c, or logging the computer back on the network in 
a mode other than the actual opened share mode. Boate discloses the idea of temporarily logging a 
computer off and then temporarily logging a computer back on. Since the system of Muttik, Bowlin, 

25 Hutchison, Schnurer, Porras, and Conklin has a computer which has a shared mode and a virtual shared 
mode designated by the safe zone, the computer is logged back on in a mode other than actual opened 
share mode because in addition to be logged back on in shared mode he is logged on in virtual shared 
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mode designated by the safe zone since the computing system has two modes when it is logged on. It 
would have been obvious to one of ordinary skill in the art at the time the invention was filed to combine 
the ideas of Boate with those of Muttik in view of Bowlin in further view of Hutchison in further view of 
Schnurer in further view of Porras in further view of Conklin. 

5 

Response to Arguments 

Applicant's arguments, see Remarks filed 6/2/05, with respect to part a of claim 1 have been fully 
considered but they are not persuasive. Bowlin discloses a system in which a user manually selects 
application programs and data to be included in a safe zone. The system runs in a shared mode in which 
10 files not checked are allowed to be accessed by network applications and a virtual shared mode in which 
files checked are safeguarded from access by network applications. The opened shared mode does 
apply to the manually selected list as all access requests to files in the opened shared mode are 
compared to the list to make sure they are not marked as being safeguarded. 

15 Applicant's arguments with respect to Bowlin not disclosing subject matter in the former claim 9 

(now claim 1 part e) have been fully considered and are persuasive. Therefore, the rejection under Muttik 
in view of Bowlin has been withdrawn. The examiner argues that Bowlin does not teach randomly 
granting access permissions. The examiner agrees. Bowlin teaches granted access permissions, but not 
necessarily the idea of randomly granting access permissions. Hutchison discloses a system in which file 

20 access permissions are designated randomly. A new grounds of rejection has been made in light of 
Hutchison. 

Combining Hutchison with Muttik in view of Bowlin allows for the selection of permissions for the 
files to be made randomly. The random selection also prevents detection. The selection is done in both 
the applicant's and Bowlin's systems in order to prevent unauthorized detection of privileged information 
25 associated with the files in the virtual opened share mode (safe zone). Combining Hutchison with Bowlin 
allows the selection to be random, but the random selection is still done for the same purpose: to prevent 
unauthorized detection of privileged information associated with the files. 
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Applicant's arguments with respect to former claim 54 (now claim 1 part f) have been fully 
considered but they are not persuasive. The applicant argues that Bowlin does not teach "an actual 
opened share mode and a virtual opened share mode". The examiner disagrees. Bowlin discloses the 
5 use of a manually selected list of permissions for files. The manually selected list has check marks to 
indicate files operating in a virtual opened share mode (safe zone). Files not checked operate in a shared 
mode, or actual opened share mode. Thus, Bowlin does disclose the use of an actual opened share 
mode (files not checked) and a virtual opened share mode (files checked). 

10 Applicant's arguments with respect to claim 5 have been fully considered but they are not 

persuasive. The applicant argues that Bowlin does not teach modifying an application program interface. 
The applicant points to paragraph [0027] in which an application interface is modified by a user through a 
selection process. The computer operates in the virtual opened share mode when the user modifies the 
interface by denying an access request to a file. 

15 The examiner notes that the limitations of the claim have been searched as best understood by 

the examiner. Upon further.examination of the Specification, the examiner has placed a 1 12 1®* rejection 
on the claim for failing to enable one of ordinary skill in the art to make or use the disclosed invention as 
the Specification does not provide support for one of ordinary skill in the art to make or use the disclosed 
invention according to claim 5. 

20 

Applicant's arguments with respect to claim 55 have been fully considered and they are 
persuasive. The examiner agrees with the applicant that Muttik does not disclose limitations b and c. 
The deficiency has been fixed by Conklin and Boate. 



25 



Application/Control Number: 09/916,606 



Page 18 



Art Unit: 2137 

Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to Kevin Schubert whose telephone number is (571) 272-4239. The examiner can normally 
be reached on M-F 8:00-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
5 Andrew Caldwell can be reached on (571) 272-3868. The fax phone number for the organization where 
this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
10 Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-217-9197 (toll-free). 
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